Discussion in 'Tomato Firmware' started by Toxic, Oct 22, 2007.

  Toxic

    Toxic Administrator Staff Member

    Yesterday Geektek reported a Trojan on one of the Tomato threads of our website. Today I had some free time to try and look into this, yet I could not find any problem with the thread. I was somewhat at a loss (and still am) as to how this had happened. I could not see anything wrong with the thread or every individual post. I edited each post, double-checking its real text; however, I could not find any trojan within the text of any post in the specific thread. I even saved the thread file to hard disk and sent him the archived files to test. He found nothing.

    I can only assume that Geektek's setup Antivirus/browser package has caused a false negative that only he and a very few had seen. Now I cannot confirm his findings since the package he uses trashed my Laptop tonight. I had copied the thread over to another forum and this was tested as "Free" from anything that Geektek could find.

    I do not know what the problem was; all I can say is it has been resolved to his demands. Since I had a copy of the initial thread, I deleted the original and then moved the copied one back.

    So you would think that was it. In IT we have problems, and we have fixes, and we get on with life.


    Geektek gets a bitch on, saying he cannot trust my site and posts:

    And a little bump for all the trouble you put me through with your customized trojan.

    Geektek, do you honestly think that in the 4 years I have been running this site, that I would maliciously add a customized Trojan into a thread? Get real, man.

    Since you have already mentioned you are leaving, I will help you on your way.

    The thread is fixed to your demands, though the vast majority, like 99% of us, had no problem with it. I will not, however, lower myself to your behavior.

    Apologies to all that have been affected or had to read this drivel. Tomorrow I will restore my trashed Laptop :) what a day...
  Mastec

    Mastec Network Guru Member

    You don't have to apologize for nothing. You didn't do anything wrong.

    I use the same software he uses and there were no hits on any virus or trojan when I opened the page.

    Don't lose sleep over this. rocks..... :)
  pablito

    pablito Network Guru Member

    A trojan *in* the text of a thread? That would be a new one I've never heard of. Linked to a malicious site, trojan'd attachment, html tricks, yes, but in the text?

    I have wondered however why the site runs on an IIS server. Every time it goes down or throws an MS SQL error I wonder.... but to each his own.
  lwf-

    lwf- Network Guru Member

    Any idea how it got there?
  Toxic

    Toxic Administrator Staff Member

    lwf. I cannot confirm it was even in the thread. I could not find anything.
  bogderpirat

    bogderpirat Network Guru Member

    Okay, now how does this charade deserve a sticky thread?
  lwf-

    lwf- Network Guru Member

    I see. As have said, three times now actually so maybe there is no need for it, but well here it goes: NOD32 2.7 (stable, no beta) found this trojan for me as well. The thread was perfectly accessible but NOD32 found this trojan in the Firefox cache every time I opened any page in that topic. I tried downloading the page and scanning it but I got nothing.

    So if you didn't find anything, which you didn't, my guess is that the page somehow resembled NOD32's signature when Firefox cached it. I mean some antivirus goes bananas just because some program is UPX-compressed, not NOD32 but you get my idea, false positives can always happen and NOD32 works very much with heuristics and those can guess wrong sometimes.

    And yeah, about the sticky... I honestly don't think there are many visitors here that give a rat **** about this; the problem is fixed so let's just go on with our lives... I'm just here for router related topics, not internet drama and I believe the majority of visitors share that opinion. You shouldn't even have to defend yourself against the claims that I have seen, both because they are ridiculous and because there is only one guy that got that attitude and he left. Case closed I say.
  Mastec

    Mastec Network Guru Member

    AMEN!!!!! :onfire:
  Moombas

    Moombas Network Guru Member

    For what it's worth, I'm running NOD32 and I haven't gotten any warning messages about anything suspicious.
  pharma

    pharma Network Guru Member


    Another NOD32 RC 3.0.414 here with nothing suspicious detected at this site. It's unfortunate the slanderous, negative comments were stated before checking whether it was an isolated problem with this particular user's setup.
  MiseryQ

    MiseryQ Network Guru Member

    I'm one of the few that had NOD32 quarantine the page and block access.
    Besides a curiosity factor I couldn't care less.
    The false warning didn't keep me from DL'ing, using or enjoying Tomato 1.10.
